Tag Archive for: Bespoke

US reveals bespoke tool that took down Russian malware operation



Snake had been used to steal NATO countries’ data for 20 years


The US Department of Justice (DoJ) has revealed details of a joint operation in which Western agencies used a custom tool to destroy a decades-old Russian malware operation.

Use of a tool named PERSEUS nullified a worldwide network of devices that had been infected with the Snake malware by threat actors in the group Turla.

A number of agencies including the NSA, FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) led the operation codenamed Medusa.

 


 

Snake had been used to exfiltrate sensitive information from devices in 50 or more countries, with targets including NATO governments and journalists. The FBI-created PERSEUS was used to force the malware to overwrite its data without damaging infected devices.

Turla has been linked directly with the Federal Security Service of the Russian Federation (FSB) and has used Snake since 2003.

“For 20 years, the FSB has relied on the Snake malware to conduct cyber espionage against the United States and our allies – that ends today,” said Matthew G. Olsen, assistant attorney general, at the Justice Department’s National Security Division.

“The Justice Department will use every weapon in our arsenal to combat Russia’s malicious cyber activity, including neutralising malware through high-tech operations, making innovative use of legal authorities, and working with international allies and private sector partners to amplify our collective impact.”

Snake is able to function on Windows, macOS, and Linux under a high level of stealth, and has been operated in a…


Hackers Get Personal With Bespoke Malware Attacks – Businessweek

Marquis-Boire, the researcher who in 2012 used malware samples obtained by Bloomberg News to show that Bahraini activists had been targeted by FinSpy, a product marketed to governments for the purpose of secretly taking over computers and phones.
